Source URL: https://www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/
Source: The Register
Title: VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time
Feedly Summary: If the first patches don’t work, try, try again
VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update, issued last month, didn’t work.…
AI Summary and Description: Yes
Summary: VMware’s critical vulnerabilities in vCenter Server necessitate urgent patching due to the potential for remote code execution and privilege escalation by attackers. These flaws highlight ongoing security challenges in widely-used infrastructure software.
Detailed Description: The text delineates significant vulnerabilities identified in VMware’s vCenter Server that could lead to severe security breaches. Here’s a breakdown of the pertinent points:
– **Vulnerabilities Identified**:
– **CVE-2024-38812**:
– Critical heap-overflow bug tracked by CVSS 9.8/10.
– Affects vCenter 7.0.3, 8.0.2, and 8.0.3, and versions of vSphere or VMware Cloud Foundation before those mentioned.
– Exploitable without any user interaction by sending a specially crafted network packet allowing remote code execution (RCE).
– **CVE-2024-38813**:
– Described as a “make-me-root” flaw, earning a CVSS rating of 7.5.
– Allows a user with network access to escalate privileges to root by sending crafted packets.
– **Patch Urgency**:
– The text emphasizes that both vulnerabilities must be patched immediately as they pose a substantial risk to vulnerable systems. No workarounds are available, reinforcing the need for quick remedial action.
– Broadcom’s advisory stresses that all customers should adhere to the Response Matrix for updates.
– **Targeted Exploitation**:
– The widespread deployment of VMware software makes it a lucrative target for attackers, including organized ransomware operations and advanced persistent threats from nation-states.
– Historical context indicates ongoing threats, with Mandiant reporting that Chinese cyberspies exploited a different vCenter vulnerability.
– **Discovery of Vulnerabilities**:
– Both flaws were discovered during competitive cybersecurity events, emphasizing the proactive role of academic institutions in identifying real-world security issues.
In conclusion, these vulnerabilities underlie the importance of robust patch management and monitoring practices in IT infrastructure security, particularly in environments reliant on widely used services such as VMware. Security and compliance professionals must prioritize staying informed about such vulnerabilities and enforce immediate action to mitigate risks.